Skip to content

Cryptography

Concept · Chapter 11

  • The study and practice of keeping information secret.
  • Supports confidentiality, integrity, and non-repudiation, enabling secure communication. Two core tools: encryption and cryptographic hash functions.
  • Transforms plaintext into unreadable ciphertext using an algorithm + key; larger keys mean stronger but slower encryption.
  • Reversible: decryption recovers the original value. Use encryption (not hashing) when the decrypted value must be recovered — e.g. sending a secure message the recipient must read.
  • The algorithm pair is called a cipher. Two types:
TypeAlso calledKeysNotes
SymmetricSecret keyOne shared key for both operationsFaster; drawback: both parties must hold the secret key
AsymmetricPublic keyPublic key (shareable) + private key (secret)Either key encrypts, the opposite decrypts; slower
  • A hash function maps any-size input to a fixed-size output (the hash / message digest / digest). e.g. SHA-256 always yields a 256-bit (32-byte) value.
  • Not reversible — unlike encryption. Prefer hashing over encryption when the original value never needs recovering.
  • General uses: file-equality comparison, checksums, finding similar records, hash tables, Bloom filters.
  • A cryptographic hash function guarantees properties that make it secure (used for digital signatures, HTTPS certificates, SSL/TLS, SSH). Non-cryptographic hashes are faster but weaker.

Properties of a cryptographic hash function

Section titled “Properties of a cryptographic hash function”
  • Quick — fast to compute, or dependent processes degrade.
  • Deterministic — same input always yields the same hash (lets you compare hashes without knowing the input).
  • One-way — infeasible (impractical, not literally impossible) to recover a message from its hash without brute force.
  • Collision resistant — infeasible to find two inputs with the same hash. MD5 and SHA-1 have known collisions and must not be used for cryptography.
  • Avalanche effect — a tiny input change produces a wildly different, uncorrelated hash.
  • Software Architect’s Handbook (Packt, 2018), Ch.11 “Cryptography”, pp. 868-873.